Vulnerabilities > CVE-2022-42126 - Unspecified vulnerability in Liferay Digital Experience Platform and Liferay Portal

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

liferay

NVD

Published: 2022-11-15

Updated: 2022-11-18

Summary

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay Digital Experience Platform 7.3 Liferay Digital Experience Platform 7.4 Liferay Liferay Portal 7.3.5 Liferay Liferay Portal 7.3.6 Liferay Liferay Portal 7.3.7 Liferay Liferay Portal 7.4.0 Liferay Liferay Portal 7.4.1 Liferay Liferay Portal 7.4.2 Liferay Liferay Portal 7.4.3.4 Liferay Liferay Portal 7.4.3.5 Liferay Liferay Portal 7.4.3.6 Liferay Liferay Portal 7.4.3.7 Liferay Liferay Portal 7.4.3.8 Liferay Liferay Portal 7.4.3.9 Liferay Liferay Portal 7.4.3.10 Liferay Liferay Portal 7.4.3.11 Liferay Liferay Portal 7.4.3.12 Liferay Liferay Portal 7.4.3.13 Liferay Liferay Portal 7.4.3.14 Liferay Liferay Portal 7.4.3.15 Liferay Liferay Portal 7.4.3.16 Liferay Liferay Portal 7.4.3.17 Liferay Liferay Portal 7.4.3.18 Liferay Liferay Portal 7.4.3.19 Liferay Liferay Portal 7.4.3.20 Liferay Liferay Portal 7.4.3.21 Liferay Liferay Portal 7.4.3.22 Liferay Liferay Portal 7.4.3.23 Liferay Liferay Portal 7.4.3.24 Liferay Liferay Portal 7.4.3.25 Liferay Liferay Portal 7.4.3.26 Liferay Liferay Portal 7.4.3.27 Liferay Liferay Portal 7.4.3.28	36

Summary

Vulnerable Configurations

References